The KiFoundation core team and community takes all security issues and vulnerabilities very seriously.
Please report security vulnerabilities to contact@foundation.ki. Please avoid opening a public Github issue or posting on social media or Discord.
The team will respond with the next steps following the email. The team will keep you informed on the remediation process and may ask for additional guidance/information.
Please include the following in your report:
- Your name/affiliation (if any)
- Description of the technical details of the vulnerability, including how to reproduce.
- An explanation of who can exploit this vulnerability, including possible attack scenarios.
- Whether this vulnerability is public or known to third parties.
The core team asks security researchers to keep communications around vulnerabilities private and confidential until a patch is ready.